All Apps and Add-ons

Cross Application Search

hartfoml
Motivator

I am useing the Global Threat Landscape (GTL) app and like it

I wan to build a report that shows any of the IP's on the IP_Watchlist that have contacted my firewall. I would like to see this type of report.

top 10 Offending_IP, Country, Destination_IP, Destination_DNS_Name, Firewall_Action

My question is how do I use the GTL offending_ip and country lookup info to search my firewall logs for connection state?

0 Karma

joshd
SplunkTrust
SplunkTrust

Change the permissions of the app so the "Sharing for config file-only objects" is set to "All apps" .. then all the other apps will be able to see what's available in that specific app.